Commit 6e8af6d

Upgrade: [dependabot] - bump mikefarah/yq from 4.52.2 to 4.52.4 (#70)
Bumps [mikefarah/yq](https://github.com/mikefarah/yq) from 4.52.2 to 4.52.4.

**Release notes**

*Sourced from [mikefarah/yq's releases](https://github.com/mikefarah/yq/releases).*

> ## v4.52.4
>
> - Dropping windows/arm - no longer supported in cross-compile
> - Fixing comments in TOML arrays ([#2592](https://redirect.github.com/mikefarah/yq/issues/2592))
> - Bumped dependencies

**Changelog**

*Sourced from [mikefarah/yq's changelog](https://github.com/mikefarah/yq/blob/master/release_notes.txt).*

> 4.52.4:
>
> - Dropping windows/arm - no longer supported in cross-compile
>
> 4.52.3:
>
> - Fixing comments in TOML arrays ([#2592](https://redirect.github.com/mikefarah/yq/issues/2592))
> - Bumped dependencies
>
> 4.52.2:
>
> - Fixed bad instructions file breaking go-install ([#2587](https://redirect.github.com/mikefarah/yq/issues/2587)) Thanks [`@theyoprst`](https://github.com/theyoprst)
> - Fixed TOML table scope after comments ([#2588](https://redirect.github.com/mikefarah/yq/issues/2588)) Thanks [`@tomers`](https://github.com/tomers)
> - Multiply uses a readonly context ([#2558](https://redirect.github.com/mikefarah/yq/issues/2558))
> - Fixed merge globbing wildcards in keys ([#2564](https://redirect.github.com/mikefarah/yq/issues/2564))
> - Fixing TOML subarray parsing issue ([#2581](https://redirect.github.com/mikefarah/yq/issues/2581))
>
> 4.52.1:
>
> - TOML encoder support - you can now roundtrip! [#1364](https://redirect.github.com/mikefarah/yq/issues/1364)
> - Parent now supports negative indices, and added a 'root' command for referencing the top level document
> - Fixed scalar encoding for HCL
> - Add --yaml-compact-seq-indent / -c flag for compact sequence indentation ([#2583](https://redirect.github.com/mikefarah/yq/issues/2583)) Thanks [`@jfenal`](https://github.com/jfenal)
> - Add symlink check to file rename util ([#2576](https://redirect.github.com/mikefarah/yq/issues/2576)) Thanks [`@Elias-elastisys`](https://github.com/Elias-elastisys)
> - Powershell fixed default command used for __completeNoDesc alias ([#2568](https://redirect.github.com/mikefarah/yq/issues/2568)) Thanks [`@teejaded`](https://github.com/teejaded)
> - Unwrap scalars in shell output mode. ([#2548](https://redirect.github.com/mikefarah/yq/issues/2548)) Thanks [`@flintwinters`](https://github.com/flintwinters)
> - Added K8S KYAML output format support ([#2560](https://redirect.github.com/mikefarah/yq/issues/2560)) Thanks [`@robbat2`](https://github.com/robbat2)
> - Bumped dependencies
> - Special shout out to [`@ccoVeille`](https://github.com/ccoVeille) for reviewing my PRs!
>
> 4.50.1:
>
> - Added HCL support!
> - Fixing handling of CRLF [#2352](https://redirect.github.com/mikefarah/yq/issues/2352)
> - Bumped dependencies
>
> 4.49.2:
>
> - Fixing escape character bugs 😓 [#2517](https://redirect.github.com/mikefarah/yq/issues/2517)
> - Fixing snap release pipeline [#2518](https://redirect.github.com/mikefarah/yq/issues/2518) Thanks [`@aalexjo`](https://github.com/aalexjo)
>
> 4.49.1:
>
> - Added `--security` flags to disable env and file ops [#2515](https://redirect.github.com/mikefarah/yq/issues/2515)
> - Fixing TOML ArrayTable parsing issues [#1758](https://redirect.github.com/mikefarah/yq/issues/1758)
> - Fixing parsing of escaped characters [#2506](https://redirect.github.com/mikefarah/yq/issues/2506)
>
> 4.48.2:
>
> - Strip whitespace when decoding base64 [#2507](https://redirect.github.com/mikefarah/yq/issues/2507)
> - Upgraded to go-yaml v4! (thanks [`@ccoVeille`](https://github.com/ccoVeille), [`@ingydotnet`](https://github.com/ingydotnet))
> - Add linux/loong64 to release target (thanks [`@znley`](https://github.com/znley))
> - Added --shell-key-separator flag for customizable shell output format [#2497](https://redirect.github.com/mikefarah/yq/issues/2497) (thanks [`@rsleedbx`](https://github.com/rsleedbx))
> - Bumped dependencies

... (truncated)

**Commits**

- [`5a7e72a`](https://github.com/mikefarah/yq/commit/5a7e72a743649b1b3a47d1a1d8214f3453173c51) Bumping version
- [`562531d`](https://github.com/mikefarah/yq/commit/562531d9364808982fc9dd45576dcf4dcea4ff9f) Dropping windows/arm
- [`2c471b6`](https://github.com/mikefarah/yq/commit/2c471b64984fd03a22b54c488b8a8ae10841fa55) Bumping version
- [`f4ef6ef`](https://github.com/mikefarah/yq/commit/f4ef6ef3cf29dd6086e3b0deef59473f54e283f4) Release notes
- [`f49f2bd`](https://github.com/mikefarah/yq/commit/f49f2bd2d8b92b725a1f8632dfbc9598d997365e) Bump golang.org/x/mod from 0.31.0 to 0.33.0 ([#2606](https://redirect.github.com/mikefarah/yq/issues/2606))
- [`6ccc7b7`](https://github.com/mikefarah/yq/commit/6ccc7b77970452f0848dc878455a9f835d7c8d1b) Bump golang.org/x/net from 0.49.0 to 0.50.0 ([#2604](https://redirect.github.com/mikefarah/yq/issues/2604))
- [`b3e1fbb`](https://github.com/mikefarah/yq/commit/b3e1fbb7d199c76f1f6eff4579382ae682ee611d) Bump golang from 1.25.6 to 1.26.0 ([#2603](https://redirect.github.com/mikefarah/yq/issues/2603))
- [`288ca2d`](https://github.com/mikefarah/yq/commit/288ca2d114a6698de073528f0e4fffabb2345e54) Fixing comments in TOML arrays [#2592](https://redirect.github.com/mikefarah/yq/issues/2592) ([#2595](https://redirect.github.com/mikefarah/yq/issues/2595))
- [`eb04fa8`](https://github.com/mikefarah/yq/commit/eb04fa87af9a8eeeb276884e394e280fe45cbdcd) More tests
- See full diff in [compare view](https://github.com/mikefarah/yq/compare/2be0094729a1006f61e8339ce9934bfb3cbb549f...5a7e72a743649b1b3a47d1a1d8214f3453173c51)

[![Dependabot compatibility score](https://dependabot-badges.githubapp.com/badges/compatibility_score?dependency-name=mikefarah/yq&package-manager=github_actions&previous-version=4.52.2&new-version=4.52.4)](https://docs.github.com/en/github/managing-security-vulnerabilities/about-dependabot-security-updates#about-compatibility-scores)

Dependabot will resolve any conflicts with this PR as long as you don't alter it yourself. You can also trigger a rebase manually by commenting `@dependabot rebase`.

[//]: # (dependabot-automerge-start)
[//]: # (dependabot-automerge-end)

---

**Dependabot commands and options**

You can trigger Dependabot actions by commenting on this PR:

- `@dependabot rebase` will rebase this PR
- `@dependabot recreate` will recreate this PR, overwriting any edits that have been made to it
- `@dependabot show <dependency name> ignore conditions` will show all of the ignore conditions of the specified dependency
- `@dependabot ignore this major version` will close this PR and stop Dependabot creating any more for this major version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this minor version` will close this PR and stop Dependabot creating any more for this minor version (unless you reopen the PR or upgrade to it yourself)
- `@dependabot ignore this dependency` will close this PR and stop Dependabot creating any more for this dependency (unless you reopen the PR or upgrade to it yourself)

---------

Signed-off-by: dependabot[bot] <support@github.com>
Co-authored-by: dependabot[bot] <49699333+dependabot[bot]@users.noreply.github.com>
Co-authored-by: Anthony Brown <anthony.brown8@nhs.net>

1 parent dd3026f commit 6e8af6d

2 files changed

+8
-2
lines changed

.github/workflows/quality-checks.yml

Lines changed: 1 addition & 1 deletion
@@ -182,7 +182,7 @@ jobs:
182182
fi
183183
touch trivy.yaml
184184
- name: Update trivy config to include dev dependencies
185-
uses: mikefarah/yq@2be0094729a1006f61e8339ce9934bfb3cbb549f
185+
uses: mikefarah/yq@5a7e72a743649b1b3a47d1a1d8214f3453173c51
186186
with:
187187
cmd: yq -i '.pkg.include-dev-deps = true' 'trivy.yaml'
188188
- name: convert python dependencies to requirements.txt
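
Review bot: the new pin on line 185, `uses: mikefarah/yq@5a7e72a743649b1b3a47d1a1d8214f3453173c51`, has no trailing version comment, so nothing in the workflow file ties the SHA to the 4.52.4 release named in the commit title. Suggest appending `# v4.52.4` after the SHA so a reviewer can check the pin against the upstream tag without going back to this commit message; the full-SHA pin itself should stay.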

.trivyignore.yaml

Lines changed: 7 additions & 1 deletion
@@ -10,6 +10,12 @@ vulnerabilities:
1010
- id: CVE-2026-25547
1111
statement: isaacs/brace-expansion vulnerability accepted as risk - dependency of semantic-release
1212
expired_at: 2026-03-01
13-
- id: CVE-2026-0775
13+
- id: CVE-2026-0775
1414
statement: npm vulnerability accepted as risk - dependency of semantic-release
1515
expired_at: 2026-03-01
16+
- id: CVE-2026-26996
17+
statement: minimatch vulnerability accepted as risk
18+
expired_at: 2026-06-01
19+
- id: CVE-2026-26960
20+
statement: tar vulnerability accepted as risk
21+
expired_at: 2026-06-01
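
Review bot: the two entries added at lines 16-21 accept CVE-2026-26996 (minimatch) and CVE-2026-26960 (tar) as risk without saying which dependency pulls them in or why the exposure is acceptable, unlike the existing entries that name semantic-release. Suggest extending each `statement` with that rationale and moving these suppressions into their own commit, since a commit titled as a yq bump hides new risk acceptances from anyone reading the history. The `expired_at: 2026-06-01` dates are also three months later than the existing 2026-03-01 entries, which is worth confirming as intended. The line 13 change shows identical text on both sides, so it appears to be whitespace-only.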
